OracleVM 3.3 : nss (OVMSA-2015-0073)

medium Nessus Plugin ID 84440

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

nss

- Added nss-vendor.patch to change vendor

- Additional NULL initialization.

- Updated the patch to keep old cipher suite order

- Resolves: Bug 1224449

- Rebase to nss-3.19.1

- Resolves: Bug 1224449

- On RHEL 6.x keep the TLS version defaults unchanged.

- Relax the requirement from pkcs11-devel to nss-softokn-freebl-devel to allow same or newer.

- Require softokn build 22 to ensure runtime compatibility.

- Update to CKBI 2.4 from NSS 3.18.1 (the only change in NSS 3.18.1)

- Update and reeneable nss-646045.patch on account of the rebase

- Resolves: Bug 1207052 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL7.1]

- Fix shell syntax error in nss/tests/all.sh

- Resolves: Bug 1207052 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-6.6]

- Restore a patch that had been mistakenly disabled

- Resolves: Bug 1207052 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-6.6]

- Replace expired PayPal test certificate that breaks the build

- Resolves: Bug 1207052 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-6.6]

- Rebase to NSS 3.18

- Resolves: Bug 1200900 - Rebase nss to 3.18 for Firefox 38 ESR [RHEL-6.6]

- Keep the same cipher suite order as we had in NSS_3_15_3_RTM

- Resolves: Bug 1202488 - openldap-2.4.23-34.el6_5.1.i686 fails after updating nss to nss-3.16.1-4.el6_5.i686

- Resolves: Bug 1182902 - rhel65 ns-slapd crash, segfault error 4 in libnss3.so in PK11_DoesMechanism at pk11slot.c:1824

nss-util

- Rebase to nss-3.19.1

- Resolves: Bug 1224449

- Resolves: - Bug 1205064 - [RHEL6.6] nss-util 3.18 rebase required for firefox 38 ESR

Solution

Update the affected packages.

See Also

https://oss.oracle.com/pipermail/oraclevm-errata/2015-June/000323.html

Plugin Details

Severity: Medium

ID: 84440

File Name: oraclevm_OVMSA-2015-0073.nasl

Version: 2.4

Type: local

Published: 6/29/2015

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:nss, p-cpe:/a:oracle:vm:nss-sysinit, p-cpe:/a:oracle:vm:nss-tools, p-cpe:/a:oracle:vm:nss-util, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Patch Publication Date: 6/26/2015

Vulnerability Publication Date: 6/26/2015